| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| cloud_endpoints | Cloud Endpoints | protect | partial | T1052.001 | Exfiltration over USB |
Comments
The Cloud Endpoints capability can prevent exfiltration over USB by disabling USB file transfers on enrolled devices through features like device control.
References
|
| cloud_endpoints | Cloud Endpoints | respond | partial | T1078 | Valid Accounts |
Comments
The Cloud Endpoints capability provides support for multiple authentication methods, including API keys and Google ID tokens. Implementing multi-factor authentication (MFA) across account types, including local, domain, and cloud accounts, can prevent unauthorized access even if credentials are compromised.
References
|
| cloud_endpoints | Cloud Endpoints | protect | partial | T1110 | Brute Force |
Comments
Cloud Endpoints allows administrators to set up login challenges, where a user attempting to access an API might be prompted to complete an additional verification step (like entering a code sent to their phone or answering a security question) before being granted access.
References
|
| cloud_endpoints | Cloud Endpoints | protect | partial | T1567.002 | Exfiltration to Cloud Storage |
Comments
Cloud Endpoints can place restrictions on which apps can be installed and accessed on enrolled devices, preventing exfiltration of sensitive information from compromised endpoints to cloud storage.
References
|
| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| cloud_endpoints | Cloud Endpoints | 4 |